Djecrety is hosted on GitHub Pages and doesn't have any back-end
code or database.
Keys are generated on demand, are completely random, and are
never stored in any file or database.
That's all. So you can safely use Djecrety.
As the official Django documentation says:
A secret key used to provide cryptographic signing, and should be set to a unique, unpredictable value.
Running Django with a known SECRET_KEY defeats many of Django’s security protections, and can lead to privilege escalation and remote code execution vulnerabilities.
So, the recommendations: Keep it safe. Exclude the settings.py file from your commits. Change the secret key when you deploy. If you lose the secret key for any reason, or the server is compromised, change it as soon as possible.
After creating your project:
settings.py file and rename it to settings.py.sample.
settings.py.sample file and set SECRET_KEY value empty.
SECRET_KEY = ''
settings.py file to .gitignore file. (If using git)
settings.py.sample file.
settings.py.
SECRET_KEY value to the new secret key generated with Djecrety in settings.py file.
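The deploy-time step above can also be scripted; the following is an added example, not Djecrety's or Django's own code, and it generates the key locally with Python's secrets module instead of copying one from Djecrety. It fills the empty SECRET_KEY line of settings.py.sample and writes settings.py, refusing to overwrite an existing file. The names generate_key, is_weak, render_settings, write_settings and SAMPLE are hypothetical, and SAMPLE is constructed input.

```python
import os
import re
import secrets
from pathlib import Path

# Alphabet and length used by Django's get_random_secret_key() helper.
CHARS = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"
EMPTY_KEY = re.compile(r"^SECRET_KEY[ \t]*=[ \t]*(['\"])\1[ \t]*$", re.MULTILINE)
# Constructed sample standing in for a real settings.py.sample.
SAMPLE = "DEBUG = False\nSECRET_KEY = ''\nALLOWED_HOSTS = []\n"


def generate_key(length=50):
    """Return a key drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(CHARS) for _ in range(length))


def is_weak(key):
    """Same thresholds as Django's deploy check security.W009."""
    return len(key) < 50 or len(set(key)) < 5 or key.startswith("django-insecure-")


def render_settings(sample_text, key):
    """Fill the single empty SECRET_KEY placeholder found in the sample text."""
    if is_weak(key):
        raise ValueError("refusing to install a weak SECRET_KEY")
    text, count = EMPTY_KEY.subn(lambda m: f"SECRET_KEY = {key!r}", sample_text)
    if count != 1:
        raise ValueError(f"expected one empty SECRET_KEY line, found {count}")
    return text


def write_settings(sample_path, target_path):
    """Create settings.py from the sample with a freshly generated key."""
    rendered = render_settings(Path(sample_path).read_text(), generate_key())
    # O_EXCL: fail instead of replacing a settings.py that already holds a key.
    # Mode 0o600: only the owning account can read the file (POSIX).
    fd = os.open(target_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(rendered)
    return Path(target_path)


if __name__ == "__main__":
    print(render_settings(SAMPLE, generate_key()))
```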